webauthn – Page 6 – WindowsTechs.com

Risks with OpenSSL verifying a signature with un-trusted PEM encoded public key

Posted on February 3, 2020 by Craig Francis

If a website user wants to use WebAuthn, they will start by creating a credential, where their authentication device provides a public key.

This key is encoded, and sent back to the server to store against their account.

Later, when the … Continue reading Risks with OpenSSL verifying a signature with un-trusted PEM encoded public key→

Google launches open-source security key project, OpenSK

Posted on February 3, 2020 by Danny Bradbury

OpenSK is a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key. Continue reading Google launches open-source security key project, OpenSK→

WebAuthn Variation with non-connect dongle Authenticator

Posted on December 16, 2019 by mazecreator

As I read through the WebAuthn / FIDO2 documentation, it appears the authentication is done on the local device to create an attestation to the FIDO server. This future implies the “biometrics” or other Authenticator means m… Continue reading WebAuthn Variation with non-connect dongle Authenticator→

How to add a new webauthn key if the existing one isn’t portable

Posted on November 28, 2019 by Jonas Schwabe

Webauthn supports authentication or multi factor authentication with either hardware keys or authentication features that are built into the device used (Windows Hello, Android with a Fingerprint, …).

Given the case that a… Continue reading How to add a new webauthn key if the existing one isn’t portable→

Why does WebAuthn require a challenge when asking the client to register a new credential?

Posted on November 14, 2019 by johnnyodonnell

When registering a new credential as part of WebAuthn, why does the client need to be sent a challenge?

Presumably this is to prevent a replay attack, but wouldn’t a replay attack be prevented by TLS already?

Continue reading Why does WebAuthn require a challenge when asking the client to register a new credential?→

FIDO and FIDO2 differences

Posted on November 5, 2019 by Filipe Rodrigues

I’ve been reading both FIDO and FIDO2 specs for a while tring to understand the similarities and differences between both. Here is how I broke it down so far:

FIDO: First iteration in creating a cross industry standard for passwordless … Continue reading FIDO and FIDO2 differences→

Hackers bypassing some types of 2FA security FBI warns

Posted on October 11, 2019 by John E Dunn

Some types of 2FA security can no longer be guaranteed to keep the bad guys out, the FBI warned US companies. Continue reading Hackers bypassing some types of 2FA security FBI warns→

Why don’t online banks use WebAuthn? [on hold]

Posted on October 10, 2019 by jj_p

My ideal bank would offer online banking from a browser with user/pwd and WebAuthn, for example with a NFC or USB key. No OTP or SMS or apps on the smartphone or physical devices required. (It goes without saying, no recovery… Continue reading Why don’t online banks use WebAuthn? [on hold]→

How to emulate webauthn?

Posted on September 26, 2019 by Kannan Ramamoorthy

Is there a way to emulate Webauthn so that we’ll be able to a automated testing on our FIDO2 server?

Continue reading How to emulate webauthn?→

Yubikey – WebAuthn and U2F

Posted on September 14, 2019 by Jack

I have a yubikey which supports only U2F. It doesn’t support FIDO2. I read about U2F and i understand how it works.

When i test my Yubikey for WebAuthn on https://webauthn.io it works. I wanted to know how WebAuthn works wi… Continue reading Yubikey – WebAuthn and U2F→